Page 1530 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

chapter is Option B, Option A is also a correct answer in the
                    context of physical security.

               11.  C. The reference monitor validates access to every resource prior to
                    granting the requested access. Option D, the security kernel, is the
                    collection of TCB components that work together to implement the
                    reference monitor functions. In other words, the security kernel is
                    the implementation of the reference monitor concept. Options A
                    and B are not valid TCB concept components.

               12.  B. Option B is the only option that correctly defines a security
                    model. Options A, C, and D define part of a security policy and the
                    certification and accreditation process.

               13.  D. The Bell-LaPadula and Biba models are built on the state
                    machine model.

               14.  A. Only the Bell-LaPadula model addresses data confidentiality.
                    The Biba and Clark-Wilson models address data integrity. The
                    Brewer and Nash model prevents conflicts of interest.

               15.  C. The no read up property, also called the Simple Security Policy,
                    prohibits subjects from reading a higher-security-level object.

               16.  B. The simple property of Biba is no read down, but it implies that
                    it is acceptable to read up.

               17.  D. Declassification is the process of moving an object into a lower
                    level of classification once it is determined that it no longer justifies
                    being placed at a higher level. Only a trusted subject can perform
                    declassification because this action is a violation of the verbiage of
                    the star property of Bell-LaPadula, but not the spirit or intent,
                    which is to prevent unauthorized disclosure.

               18.  B. An access control matrix assembles ACLs from multiple objects
                    into a single table. The rows of that table are the ACEs of a subject
                    across those objects, thus a capabilities list.

               19.  C. The trusted computing base (TCB) has a component known as
                    the reference monitor in theory, which becomes the security kernel
                    in implementation.


              20.  C. The three parts of the Clark-Wilson model’s access control